diff options
author | djm@openbsd.org <djm@openbsd.org> | 2016-04-06 06:42:17 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2016-04-08 14:26:06 +1000 |
commit | 0ccbd5eca0f0dd78e71a4b69c66f03a66908d558 (patch) | |
tree | d3b976a3f09569186f2a03d1b87c342432cd4f3c | |
parent | 574def0eb493cd6efeffd4ff2e9257abcffee0c8 (diff) | |
download | openssh-git-0ccbd5eca0f0dd78e71a4b69c66f03a66908d558.tar.gz |
upstream commit
don't record duplicate LocalForward and RemoteForward
entries; fixes failure with ExitOnForwardFailure+hostname canonicalisation
where the same forwards are added on the second pass through the
configuration file. bz#2562; ok dtucker@
Upstream-ID: 40a51d68b6300f1cc61deecdb7d4847b8b7b0de1
-rw-r--r-- | misc.c | 40 | ||||
-rw-r--r-- | misc.h | 4 | ||||
-rw-r--r-- | readconf.c | 15 |
3 files changed, 56 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.103 2016/04/02 14:37:42 krw Exp $ */ +/* $OpenBSD: misc.c,v 1.104 2016/04/06 06:42:17 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -1144,3 +1144,41 @@ sock_set_v6only(int s) error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); #endif } + +/* + * Compares two strings that maybe be NULL. Returns non-zero if strings + * are both NULL or are identical, returns zero otherwise. + */ +static int +strcmp_maybe_null(const char *a, const char *b) +{ + if ((a == NULL && b != NULL) || (a != NULL && b == NULL)) + return 0; + if (a != NULL && strcmp(a, b) != 0) + return 0; + return 1; +} + +/* + * Compare two forwards, returning non-zero if they are identical or + * zero otherwise. + */ +int +forward_equals(const struct Forward *a, const struct Forward *b) +{ + if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0) + return 0; + if (a->listen_port != b->listen_port) + return 0; + if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0) + return 0; + if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0) + return 0; + if (a->connect_port != b->connect_port) + return 0; + if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0) + return 0; + /* allocated_port and handle are not checked */ + return 1; +} + @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.55 2016/03/02 22:42:40 dtucker Exp $ */ +/* $OpenBSD: misc.h,v 1.56 2016/04/06 06:42:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -27,6 +27,8 @@ struct Forward { int handle; /* Handle for dynamic listen ports */ }; +int forward_equals(const struct Forward *, const struct Forward *); + /* Common server and client forwarding options. */ struct ForwardOptions { int gateway_ports; /* Allow remote connects to forwarded ports. */ @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.250 2016/02/08 23:40:12 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.251 2016/04/06 06:42:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -294,12 +294,19 @@ void add_local_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; + int i; #ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && newfwd->listen_path == NULL) fatal("Privileged ports can only be forwarded by root."); #endif + /* Don't add duplicates */ + for (i = 0; i < options->num_local_forwards; i++) { + if (forward_equals(newfwd, options->local_forwards + i)) + return; + } options->local_forwards = xreallocarray(options->local_forwards, options->num_local_forwards + 1, sizeof(*options->local_forwards)); @@ -322,7 +329,13 @@ void add_remote_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; + int i; + /* Don't add duplicates */ + for (i = 0; i < options->num_remote_forwards; i++) { + if (forward_equals(newfwd, options->remote_forwards + i)) + return; + } options->remote_forwards = xreallocarray(options->remote_forwards, options->num_remote_forwards + 1, sizeof(*options->remote_forwards)); |